u/Eequal

Hi!

Small environment here around 70 endpoints. Issue is only in on-chain destinations, off-chain ones are fine. The policy has on-chan and iff-chain profiles.

I read a guide about NAT hairpin affecting this, but there wasn’t a clear solution there:

https://community.fortinet.com/fortigate-3/troubleshooting-tip-ztna-destinations-not-working-for-on-fabric-devices-150944?tid=150944&fid=3

Does EMS even support having both on-chain and off-chain in endpoint policy?